Volume permissions
mateodemuynck
PROOP

8 months ago

Hello 👋
I have a problem running Opensearch on Railway. I would like to mount a volume on /usr/share/opensearch/data but, since the volume is mounted as root, Opensearch can't use it and I get errors. I tried to add RAILWAY_RUN_UID=0 as stated on Railway docs but Opensearch won't run as root :/
OpenSearch cannot run as root. Please start your container as another user.
Thanks for any help 🙂

Solved$10 Bounty

Pinned Solution

brody
EMPLOYEE

8 months ago

Something like this will likely need to be done -

https://github.com/railwayapp-templates/elasticsearch

10 Replies

mateodemuynck
PROOP

8 months ago

188bf912-f6d5-473b-a04c-28fcc7d44154

mateodemuynck
PROOP

8 months ago

As a workaround I used this start command but I'm not sure if it's suitable in a production environment 😦
bash -c "yum install -y sudo && chown -R 1000:1000 /usr/share/opensearch && sudo -E -u opensearch bash -c 'export PATH=$PATH:/usr/share/opensearch/bin && ./[opensearch-docker-entrypoint.sh](opensearch-docker-entrypoint.sh)'"

noahd
EMPLOYEE

8 months ago

Best practice is to do this in the dockerfile doing something like this
```docker
FROM opensearchproject/opensearch:latest

USER root

RUN chown -R 1000:1000 /usr/share/opensearch

USER 1000

CMD ["./opensearch-docker-entrypoint.sh"]
```
according to some articles I saw online. Let me know if this helps!

noahd

Best practice is to do this in the dockerfile doing something like this```dockerFROM opensearchproject/opensearch:latestUSER rootRUN chown -R 1000:1000 /usr/share/opensearchUSER 1000CMD ["./opensearch-docker-entrypoint.sh"]```according to some articles I saw online. Let me know if this helps!

brody
EMPLOYEE

8 months ago

Volumes aren't available during build, so chowning the folder at build won't do too much.

brody

Volumes aren't available during build, so chowning the folder at build won't do too much.

noahd
EMPLOYEE

8 months ago

Oh really? Well crap thats not ideal...

upside-down face1
noahd
EMPLOYEE

8 months ago

So would his solution be best?

brody
EMPLOYEE

8 months ago

Something like this will likely need to be done -

https://github.com/railwayapp-templates/elasticsearch

mateodemuynck
PROOP

8 months ago

I can't do this since opensearch container doesn't come with sudo installed. That's why i install it in the start command in my workaround :/
So looks like my solution wasn't "just" a workaround ?

noahd
EMPLOYEE

8 months ago

Take a peek at this as it looks to be doing something similar. https://github.com/railwayapp-templates/elasticsearch/blob/main/Dockerfile

noahd

Take a peek at this as it looks to be doing something similar. https://github.com/railwayapp-templates/elasticsearch/blob/main/Dockerfile

noahd
EMPLOYEE

8 months ago

As brody had sent^

Status changed to Solved brody • 8 months ago

Loading...